External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-23 14:15:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: Fix labelling host devices (bz 1145968)

Browse Source 
The check for ISCSI devices was missing a check of subsys type, which
meant we could skip labelling of other host devices as well. This fixes
USB hotplug on F21

https://bugzilla.redhat.com/show_bug.cgi?id=1145968
This commit is contained in:
Cole Robinson 2014-09-24 11:47:46 -04:00
parent b8b3c56566
commit d3489548b5
3 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/security/security_apparmor.c
View File

@ -828,7 +828,8 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
/* Like AppArmorRestoreSecurityImageLabel() for a networked disk, /* Like AppArmorRestoreSecurityImageLabel() for a networked disk,
* do nothing for an iSCSI hostdev * do nothing for an iSCSI hostdev
*/ */
if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
return 0; return 0;
if (profile_loaded(secdef->imagelabel) < 0) if (profile_loaded(secdef->imagelabel) < 0)

6
src/security/security_dac.c
View File

@ -523,7 +523,8 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
/* Like virSecurityDACSetSecurityImageLabel() for a networked disk, /* Like virSecurityDACSetSecurityImageLabel() for a networked disk,
* do nothing for an iSCSI hostdev * do nothing for an iSCSI hostdev
*/ */
if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
return 0; return 0;
cbdata.manager = mgr; cbdata.manager = mgr;
@ -657,7 +658,8 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
/* Like virSecurityDACRestoreSecurityImageLabelInt() for a networked disk, /* Like virSecurityDACRestoreSecurityImageLabelInt() for a networked disk,
* do nothing for an iSCSI hostdev * do nothing for an iSCSI hostdev
*/ */
if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
return 0; return 0;
switch ((virDomainHostdevSubsysType) dev->source.subsys.type) { switch ((virDomainHostdevSubsysType) dev->source.subsys.type) {

6
src/security/security_selinux.c
View File

@ -1329,7 +1329,8 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def,
/* Like virSecuritySELinuxSetSecurityImageLabelInternal() for a networked /* Like virSecuritySELinuxSetSecurityImageLabelInternal() for a networked
* disk, do nothing for an iSCSI hostdev * disk, do nothing for an iSCSI hostdev
*/ */
if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
return 0; return 0;
switch (dev->source.subsys.type) { switch (dev->source.subsys.type) {
@ -1522,7 +1523,8 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
/* Like virSecuritySELinuxRestoreSecurityImageLabelInt() for a networked /* Like virSecuritySELinuxRestoreSecurityImageLabelInt() for a networked
* disk, do nothing for an iSCSI hostdev * disk, do nothing for an iSCSI hostdev
*/ */
if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) if (dev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI &&
scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
return 0; return 0;
switch (dev->source.subsys.type) { switch (dev->source.subsys.type) {